[Info-vax] I guess VMS can't lose?

Main, Kerry Kerry.Main at hp.com
Sun Nov 7 22:31:42 EST 2010 

> -----Original Message-----
> From: info-vax-bounces at rbnsn.com [mailto:info-vax-bounces at rbnsn.com]
> On Behalf Of Simon Clubley
> Sent: November-07-10 5:41 PM
> To: info-vax at rbnsn.com
> Subject: Re: [Info-vax] I guess VMS can't lose?
> 
> On 2010-11-07, Main, Kerry <Kerry.Main at hp.com> wrote:
> >
> > Those who say otherwise have no real experience in large Linux shops.
> >
> > These shops have given up testing important apps before they roll out
> > the 5-20+ security patches per month. They have adopted the old
> > Wintel strategy of "patch-n-pray".
> >
> 
> You may wish to discontinue posting this type of comment until after the
> new VMS engineering team gets it's act together.
> 
> Simon.
> 

You missed the point. 

While I will certainly admit there was some recent issues with patches and 
OpenVMS, these were not related to security. (there may have been 1 or 2 
security issues in the last 6 months, but we are talking about security patch
volume here)

There is a huge, huge difference between security and functionality patches. 

Many Customers with mission critical apps are forced by policies or regulatory 
compliance to apply security patches over a certain level within xx days. 

Functionality patches and kits are under no similar drivers.

Linux (and Wintel) have 5-20+ security patches released each and EVERY
month. When you have hundreds+ of servers, how do you ensure the
Important apps are retested before all of these patches are rolled out
in the time frames required? 

How do you check which servers get which security patches when in most 
of these environments, the admins do not even know what is running on 
these servers. They have so many VM's sprouting that the VM sprawl 
they have today is actually worse than the x86 sprawl they had before.

Keep in mind that the biggest source of security threats these days are
internal sources, so forget the "we have a good firewall, so we do not need
to keep our internal systems up to date".

And forget the "commodity systems are more popular, hence have more
security holes found..". That is like saying corner stores have the same 
security as banks, but because there are more of them, they are broken
into more often.

When it comes to security, no platform is perfect (including OpenVMS),
but it is a question of volume  of security patches.

At some point, Customers are going to realize they cannot afford commodity 
systems (Wintel/Linux) for mission critical environments.

Imho, as we move towards internal cloud environments (aka shared services),
where end users do not care what OS is running in the background, this
will become even clearer.

Regards,

Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-797-4937
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that simply works

More information about the Info-vax mailing list